Using the Windows Event Forwarder (WEF)'s extended log forwarding features

From TDiWiki

Jump to: navigation, search

The Windows Event Forwarder, or WEF, can be used not only to forward the normal Windows Event logs, but may also be used to forward up to 8 application logs as well. An example might be the Oracle Logs from an Oracle Database running on the Windows server.


To do this, you must plan ahead and know a few things beforehand.

The IP of the ConsoleWorks server the log will be sent to.
The path and file name of the log you'd like to forward on the Windows machine.
An available port to use to send the data to ConsoleWorks.
The polling interval you would like to use.
The WEF must've been installed and started at least once before you can properly configure it. The WEF is found on your ConsoleWorks server here:

Image:WEF-DL_Location.JPG


After the WEF has been installed and run once, stop the service if you have not already and open Regedit on the Windows Server where the WEF is installed. Trace your way to the LFF key folder (on the left in the screenshot below). Each LFF key may "point" to a different file and utilize different port numbers, modes and polling intervals:

Image:WEFRegistry_Edits.jpg

Note the items circled in RED. The path and file name, the IP address of the ConsoleWorks server, the port you've selected to transfer the data on, and the mode (0, 1, 2, or 3) that you wish to use.

Available modes are:

0 = That thread is off. No Log forwarding will occur.
1 = That thread will open the file every time and read everything sending it to the ConsoleWorks server.
2 = That thread will only tail the file, it won’t read the entire file every start.
3 = That thread will keep track of the last byte in the file sent and will always send what it hasn’t already sent.


On the ConsoleWorks Server itself.

You must have the optional Pseudo Console connector license installed.
Create a Console for the Application you want to monitor using the Pseudo Console:

Image:Pseudo cons for Wef.JPG


Create a "bat" file in the Pseudo Console directory that calls the cstraprcv.exe utilizing the "raw" data type and specifying the appropriate "port" as selected above. Image:WEFPseudo Console.JPG

An example of the contents of this "bat" file are shown below. (Note the use of the quotation marks to allow Windows to properly parse the command).

Image:WEFPseudo_Console_content.JPG

Once properly configured, you may check the log for the newly defined Console to see if the data has begun streaming. If not recheck the above steps. If still unable to see it work, contact TDI support at support@tditx.com or (800)695-1258.


This Wiki post assumes the ConsoleWorks platform is Windows. Please see the user guide for your platform for specific file locations.
The minimum version of ConsoleWorks and the Windows Event Forwarder is 3.2-0u2
Retrieved from "http://wiki.tditx.com/index.php/Using_the_Windows_Event_Forwarder_%28WEF%29%27s_extended_log_forwarding_features"
Personal tools